[0001]
[0002]
[0003]
[0004]
[0005]
[0006]
[0007]
[0008]
[0009]
[0010]
[0011]
[0012]
[0013]
[0014]
[0015]
[0016]
[0017]
[0018]
[0019]
[0020]
[0021]
[0022]
[0023]
[0024]
[0025]
[0026]
[0027]
[0028]
[0029]
[0030]
[0031]
[0032]
[0033]
[0034]
[0035]
[0036]
[0037]
[0038]
[0039]
[0040]
[0041]
[0042]
[0043]
[0044]
[0045]
[0046]
[0047]
[0048]
[0049]
[0050]
[0051]
[0052]
[0053]
[0054]
[0055]
[0056]
[0057]
[0058]
[0059]
[0060]
[0061]
[0062]
[0063]
[0064]
[0065]
[0066]
[0067]
[0068]
[0069]
[0070]
[0071]
[0072]
[0073]
[0074]
[0075]
[0076]
[0077]
[0078]
[0079]
[0080]
[0081]
[0082]
[0083]
[0084]
[0085]
[0086]
[0087]
[0088]
[0089]
[0090]
[0091]
[0092]
[0093]
[0094]
[0095]
[0096]
[0097]
[0098]
[0099]
[0100]
[0101]
[0102]
[0103]
[0104]
[0105]
[0106]
[0107]
[0108]
[0109]
[0110]
[0111]
[0112]
[0113]
[0114]
[0115]
[0116]
[0117]
[0118]
[0119]
[0120]
[0121]
[0122]
[0123]
[0124]
[0125]
[0126]
[0127]
[0128]
[0129]
[0130]
[0131]
[0132]
[0133]
[0134]
[0135]
[0136]
[0137]
[0138]
[0139]
[0140]
[0141]
[0142]
[0143]
[0144]
[0145]
[0146]
[0147]
[0148]
[0149]
[0150]
[0151]
[0152]
[0153]
[0154]
[0155]
[0156]
[0157]
[0158]
[0159]
[0160]
[0161]
[0162]
[0163]
[0164]
[0165]
[0166]
[0167]
[0168]
[0169]
[0170]
[0171]
[0172]
[0173]
[0174]
[0175]
[0176]
[0177]
[0178]
[0179]
[0180]
[0181]
[0182]
[0183]
[0184]
[0185]
[0186]
[0187]
[0188]
[0189]
[0190]
[0191]
[0192]
[0193]
[0194]
[0195]
[0196]
[0197]
[0198]
[0199]
[0200]
[0201]
[0202]
[0203]
[0204]
[0205]
[0206]
[0207]
[0208]
[0209]
[0210]
[0211]
[0212]
[0213]
[0214]
[0215]
[0216]
[0217]
[0218]
[0219]
[0220]
[0221]
[0222]
[0223]
[0224]
[0225]
[0226]
[0227]
[0228]
[0229]
[0230]
[0231]
[0232]
[0233]
[0234]
[0235]
[0236]
[0237]
[0238]
[0239]
[0240]
[0241]
[0242]
[0243]
[0244]
[0245]
[0246]
[0247]
[0248]
[0249]
[0250]
[0251]
[0252]
[0253]
[0254]
[0255]
[0256]
[0257]
[0258]
[0259]
[0260]
[0261]
[0262]
[0263]
[0264]
[0265]
[0266]
[0267]
[0268]
[0269]
[0270]
[0271]
[0272]
[0273]
[0274]
[0275]
[0276]
[0277]
[0278]
[0279]
[0280]
[0281]
[0282]
[0283]
[0284]
[0285]
[0286]
[0287]
[0288]
[0289]
[0290]
[0291]
[0292]
[0293]
[0294]
[0295]
[0296]
[0297]
[0298]
[0299]
[0300]
[0301]
[0302]
[0303]
[0304]
[0305]
[0306]
[0307]
[0308]
[0309]
[0310]
[0311]
[0312]
[0313]
[0314]
[0315]
[0316]
[0317]
[0318]
[0319]
[0320]
[0321]
[0322]
[0323]
[0324]
[0325]
[0326]
[0327]
[0328]
[0329]
[0330]
[0331]
[0332]
[0333]
[0334]
[0335]
[0336]
[0337]
[0338]
[0339]
[0340]
[0341]
[0342]
[0343]
[0344]
[0345]
[0346]
[0347]
[0348]
[0349]
[0350]
[0351]
[0352]
[0353]
[0354]
[0355]
[0356]
[0357]
[0358]
[0359]
[0360]
[0361]
[0362]
[0363]
[0364]
[0365]
[0366]
[0367]
[0368]
[0369]
[0370]
[0371]
[0372]
[0373]
[0374]
[0375]
[0376]
[0377]
[0378]
[0379]
[0380]
[0381]
[0382]
[0383]
[0384]
[0385]
[0386]
[0387]
[0388]
[0389]
[0390]
[0391]
[0392]
[0393]
[0394]
[0395]
[0396]
[0397]
[0398]
[0399]
[0400]
[0401]
[0402]
[0403]
[0404]
[0405]
[0406]
[0407]
[0408]
[0409]
[0410]
[0411]
[0412]
[0413]
[0414]
[0415]
[0416]
[0417]
[0418]
[0419]
[0420]
[0421]
[0422]
[0423]
[0424]
[0425]
[0426]
[0427]
[0428]
[0429]
[0430]
[0431]
[0432]
[0433]
[0434]
[0435]
[0436]
[0437]
[0438]
[0439]
[0440]
[0441]
[0442]
[0443]
[0444]
[0445]
[0446]
[0447]
[0448]
[0449]
[0450]
[0451]
[0452]
[0453]
[0454]
[0455]
[0456]
[0457]
[0458]
[0459]
[0460]
[0461]
[0462]
[0463]
[0464]
[0465]
[0466]
[0467]
[0468]
[0469]
[0470]
[0471]
[0472]
[0473]
[0474]
[0475]
[0476]
[0477]
[0478]
[0479]
[0480]
[0481]
[0482]
[0483]
[0484]
[0485]
[0486]
[0487]
[0488]
[0489]
[0490]
[0491]
[0492]
[0493]
[0494]
[0495]
[0496]
[0497]
[0498]
[0499]
[0500]
[0501]
[0502]
[0503]
[0504]
[0505]
[0506]
[0507]
[0508]
[0509]
[0510]
[0511]
[0512]
[0513]
[0514]
[0515]
[0516]
[0517]
[0518]
[0519]
[0520]
[0521]
[0522]
[0523]
[0524]
[0525]
[0526]
[0527]
[0528]
[0529]
[0530]
[0531]
[0532]
[0533]
[0534]
[0535]
[0536]
[0537]
[0538]
[0539]
[0540]
[0541]
[0542]
[0543]
[0544]
[0545]
[0546]
[0547]
[0548]
[0549]
[0550]
[0551]
[0552]
[0553]
[0554]
[0555]
[0556]
[0557]
[0558]
[0559]
[0560]
[0561]
[0562]
[0563]
[0564]
[0565]
[0566]
[0567]
[0568]
[0569]
[0570]
[0571]
[0572]
[0573]
[0574]
[0575]
[0576]
[0577]
[0578]
[0579]
[0580]
[0581]
[0582]
[0583]
[0584]
[0585]
[0586]
[0587]
[0588]
[0589]
[0590]
[0591]
[0592]
[0593]
[0594]
[0595]
[0596]
[0597]
[0598]
[0599]
[0600]
[0601]
[0602]
[0603]
[0604]
[0605]
[0606]
[0607]
[0608]
[0609]
[0610]
[0611]
[0612]
[0613]
[0614]
[0615]
[0616]
[0617]
[0618]
[0619]
[0620]
[0621]
[0622]
[0623]
[0624]
[0625]
[0626]
[0627]
[0628]
[0629]
[0630]
[0631]
[0632]
[0633]
[0634]
[0635]
[0636]
[0637]
[0638]
[0639]
[0640]
[0641]
[0642]
[0643]
[0644]
[0645]
[0646]
[0647]
[0648]
[0649]
[0650]
[0651]
[0652]
[0653]
[0654]
[0655]
[0656]
[0657]
[0658]
[0659]
[0660]
[0661]
[0662]
[0663]
[0664]
[0665]
[0666]
[0667]
[0668]
[0669]
[0670]
[0671]
[0672]
[0673]
[0674]
[0675]
[0676]
[0677]
[0678]
[0679]
[0680]
[0681]
[0682]
[0683]
[0684]
[0685]
[0686]
[0687]
[0688]
[0689]
[0690]
[0691]
[0692]
[0693]
[0694]
[0695]
[0696]
[0697]
[0698]
[0699]
[0700]
[0701]
[0702]
[0703]
[0704]
[0705]
[0706]
[0707]
[0708]
[0709]
[0710]
[0711]
[0712]
[0713]
[0714]
[0715]
[0716]
[0717]
[0718]
[0719]
[0720]
[0721]
[0722]
[0723]
[0724]
[0725]
[0726]
[0727]
[0728]
[0729]
[0730]
[0731]
[0732]
[0733]
[0734]
[0735]
[0736]
[0737]
[0738]
[0739]
[0740]
[0741]
[0742]
[0743]
[0744]
[0745]
[0746]
[0747]
[0748]
[0749]
[0750]
[0751]
[0752]
[0753]
[0754]
[0755]
[0756]
[0757]
[0758]
[0759]
[0760]
[0761]
[0762]
[0763]
[0764]
[0765]
[0766]
[0767]
[0768]
[0769]
[0770]
[0771]
[0772]
[0773]
[0774]
[0775]
[0776]
[0777]
[0778]
[0779]
[0780]
[0781]
[0782]
[0783]
[0784]
[0785]
[0786]
[0787]
[0788]
[0789]
[0790]
[0791]
[0792]
[0793]
[0794]
[0795]
[0796]
[0797]
[0798]
[0799]
[0800]
[0801]
[0802]
[0803]
[0804]
[0805]
[0806]
[0807]
[0808]
[0809]
[0810]
[0811]
[0812]
[0813]
[0814]
[0815]
[0816]
[0817]
[0818]
[0819]
[0820]
[0821]
[0822]
[0823]
[0824]
[0825]
[0826]
[0827]
[0828]
[0829]
[0830]
[0831]
[0832]
[0833]
[0834]
[0835]
[0836]
[0837]
[0838]
[0839]
[0840]
[0841]
[0842]
[0843]
[0844]
[0845]
[0846]
[0847]
[0848]
[0849]
[0850]
[0851]
[0852]
[0853]
[0854]
[0855]
[0856]
[0857]
[0858]
[0859]
[0860]
[0861]
[0862]
[0863]
[0864]
[0865]
[0866]
[0867]
[0868]
[0869]
[0870]
[0871]
[0872]
[0873]
[0874]
[0875]
[0876]
[0877]
[0878]
[0879]
[0880]
[0881]
[0882]
[0883]
[0884]
[0885]
[0886]
[0887]
[0888]
[0889]
[0890]
[0891]
[0892]
[0893]
[0894]
[0895]
[0896]
[0897]
[0898]
[0899]
[0900]
[0901]
[0902]
[0903]
[0904]
[0905]
[0906]
[0907]
[0908]
[0909]
[0910]
[0911]
[0912]
[0913]
[0914]
[0915]
[0916]
[0917]
[0918]
[0919]
[0920]
[0921]
[0922]
[0923]
[0924]
[0925]
[0926]
[0927]
[0928]
[0929]
[0930]
[0931]
[0932]
[0933]
[0934]
[0935]
[0936]
[0937]
[0938]
[0939]
[0940]
[0941]
[0942]
[0943]
[0944]
[0945]
[0946]
[0947]
[0948]
[0949]
[0950]
[0951]
[0952]
[0953]
[0954]
[0955]
[0956]
[0957]
[0958]
[0959]
[0960]
[0961]
[0962]
[0963]
[0964]
[0965]
[0966]
[0967]
[0968]
[0969]
[0970]
[0971]
[0972]
[0973]
[0974]
[0975]
[0976]
[0977]
[0978]
[0979]
[0980]
[0981]
[0982]
[0983]
[0984]
[0985]
[0986]
[0987]
[0988]
[0989]
[0990]
[0991]
[0992]
[0993]
[0994]
[0995]
[0996]
[0997]
[0998]
[0999]
[1000]
[1001]
[1002]
[1003]
[1004]
[1005]
[1006]
[1007]
[1008]
[1009]
[1010]
[1011]
[1012]
[1013]
[1014]
[1015]
[1016]
[1017]
[1018]
[1019]
[1020]
[1021]
[1022]
[1023]
[1024]
[1025]
[1026]
[1027]
[1028]
[1029]
[1030]
[1031]
[1032]
[1033]
[1034]
[1035]
[1036]
[1037]
[1038]
[1039]
[1040]
[1041]
[1042]
[1043]
[1044]
[1045]
[1046]
[1047]
[1048]
[1049]
[1050]
[1051]
[1052]
[1053]
[1054]
[1055]
[1056]
[1057]
[1058]
[1059]
[1060]
[1061]
[1062]
[1063]
[1064]
[1065]
[1066]
[1067]
[1068]
[1069]
[1070]
[1071]
[1072]
[1073]
[1074]
[1075]
[1076]
[1077]
[1078]
[1079]
[1080]
[1081]
[1082]
[1083]
[1084]
[1085]
[1086]
[1087]
[1088]
[1089]
[1090]
[1091]
[1092]
[1093]
[1094]
[1095]
[1096]
[1097]
[1098]
[1099]
[1100]
[1101]
[1102]
[1103]
[1104]
[1105]
[1106]
[1107]
[1108]
[1109]
[1110]
[1111]
[1112]
[1113]
[1114]
[1115]
[1116]
<!DOCTYPE html>
<!-- WASDOC AXP-2.0.0 (CGILIB AXP-1.9.9) -->
<!-- wasDOC Copyright (C) 2019,2020 Mark G.Daniel - Apache-2.0 licenced -->
<!-- 3-NOV-2021 02:50 -->
<noscript>NOTE: SOME FUNCTIONALITY EMPLOYS JAVASCRIPT</noscript>
<div id="erreport1" style="display:none;"></div>
<script>
function errorReport(string) {
for (var cnt = 1; cnt <= 2; cnt++) {
var err = document.getElementById('erreport'+cnt);
err.style.display = 'block';
err.innerHTML += string;
}
}
</script>
<style type="text/css">
html { font-family: arial, verdana, sans-serif; font-size:12pt; margin:1em; }
h1 { font-size:124%; font-style:bold;
margin-top:1em; margin-bottom:0.5em; }
h2 { font-size:120%; font-style:bold;
margin-top:1.1em; margin-bottom:0.4em; }
h3 { font-size:116%; font-style:bold;
margin-top:1.0em; margin-bottom:0.3em; }
h4 { font-size:112%; font-style:bold;
margin-top:1.1em; margin-bottom:0.3em; }
h5 { font-size:112%; font-style:bold;
margin-top:1.1em; margin-bottom:0.3em; }
h6 { font-size:112%; font-style:bold; padding:0; margin:0; }
h1 .text { text-decoration:underline; }
h1 .numb { padding-right:0.8em; }
h1 .numb:empty { display:none; padding-right:0; }
h2 .numb { padding-right:0.8em; }
h2 .numb:empty { display:none; padding-right:0; }
h3 .numb { padding-right:0.8em; }
h3 .numb:empty { display:none; padding-right:0; }
h4 .numb { padding-right:0.8em; }
h4 .numb:empty { display:none; padding-right:0; }
h5 .numb { display:none; padding-right:0; }
h6 .numb { display:none; padding-right:0; }
kbd { font-family:monospace; }
noscript { font-size:1.2em; }
p { line-height:1.1em; margin-top:1em; margin-bottom:1em; }
.chunk { font-size:130%; text-decoration:underline; }
.head {}
.high {}
.bold { font-weight:bold; }
.center { text-align:center; }
.italic { font-style:italic; }
.left { text-align:left; }
.nowrap { white-space:nowrap; }
.prewrap { white-space:pre; }
.right { text-align:right; }
.strike { text-decoration:line-through; }
.under { text-decoration:underline; }
.backlight { background-color:#f2f2f2; }
.display0 { display:none; }
img { max-width:100%; }
.imglink { }
.link { }
.blank { }
.list { margin-bottom:1em; }
.list li { margin-top:0.5em; }
.list0 li { margin-top:0; }
.item {}
.tabl { border-collapse:collapse; text-align:left; margin:0.4em 2em 0.5em 2em; }
.tabu { border-collapse:collapse; text-align:right; margin:0.4em 2em 0.5em 2em; }
.tabr { vertical-align:top; }
.tabh { padding:0.2em 0 0 2em; margin:0; }
.tabd { padding:0.1em 0 0 2em; margin:0; }
.tabh:first-of-type, td:first-of-type { padding-left:0; }
.tabu .tabh,
.tabu .tabd { border:1px solid gray; padding:0.2em 0.3em 0.2em 0.3em; }
.tab0 { border:none; visibility:hidden; max-width:1em;
white-space:nowrap; overflow:hidden; }
.tabauto { margin-left:auto; margin-right:auto; }
.tabr:empty { height:0.2em; }
.tabu .tabh:empty, .tabu .tabd:empty { border:none; visibility:hidden; }
.error { font-size:110%; color:black; background-color:yellow;
font-family:sans-serif; font-weight:bold; font-style:normal;
width:95%; border:solid 1px gray; padding:0.5em 1em 0.5em 1em; }
.error::before { content:'\026a0\00a0'; }
.image { }
.page { width:98%; border:1px dashed gray; margin:1.5em 0 1.8em 0; }
.epage { width:98%; border:1px dashed black; margin:1.5em 0 1.8em 0; }
.monosp { font-family:monospace; }
.ppage { display:none; }
.simple { list-style-type:none; }
.valtop { vertical-align:top; }
.valmid { vertical-align:middle; }
.valbot { vertical-align:bottom; }
.code { border-style:solid; border-width:0 0 0 1px; padding-left:1em;
font-family:monospace; white-space:pre; }
.block { }
.blockof { margin:0.4em 2em 0.5em 2em; }
.example { border-style:dashed; border-width:0 0 0 1px; padding-left:1em;
margin-top:0.5em; margin-bottom:0.5em; white-space:pre; }
.indent { margin-left:2em; margin-right:2em; }
.noindent { margin-left:0; margin-right:0; }
.inblock { display:inline-block; }
.mono { white-space:pre; font-family:monospace; }
.note { margin:0.4em 2em 0.5em 2em; page-break-inside:avoid; }
.note h5 { margin-top:0 }
.note_hr { width:80%; border:1px solid gray; }
.prop { padding-left:1em; margin-top:0.5em; margin-bottom:0.5em; }
.quote { border-style:dashed; border-width:0 0 0 1px; padding-left:1em;
margin-top:0.5em; margin-bottom:0.5em; }
.this { display:none; }
a:link,a:visited { color:black; text-decoration:none; }
a:hover,a:active { text-decoration:underline; }
a:focus { outline:0; }
:target:before { content:''; display:block; height:0.1em; margin:-0.1em; }
a.link:link, a.link:visited,a.link:active
{ color:midnightBlue; text-decoration:underline; text-decoration-style:solid; }
.TOC1cols1 { width:80%; max-width:80%; }
.TOC1cols2 { column-count:2; width:80%; max-width:80%; }
.TOC1cols3 { column-count:3; max-width:90%; max-width:90%; }
.TOC1cols4 { column-count:4; max-width:100%; max-width:100%; }
.TOC1table { margin-left:2em; white-space:nowrap; break-inside:auto; }
.TOC1table tr { vertical-align:top; text-align:left; break-inside:avoid; break-after:auto; }
.TOC1table td+td { padding:0 0 0 0.5em; }
.TOC1table .numb { width:3em; max-width:3em; }
.TOC1table .sepr { width:5em; max-width:6em; overflow:hidden; }
.TOC1table .majr { font-weight:bold; }
.TOC1table .text { white-space:normal; }
/* These are due to Firefox (at least <= 76) recalcitrant multi-column handling.
Web search "Split table into css columns, issue in Firefox" (stackoverflow).
"Good grief, Charlie Brown!" */
.TOC1cols2 table,
.TOC1cols2 tbody,
.TOC1cols2 tr,
.TOC1cols3 table,
.TOC1cols3 tbody,
.TOC1cols3 tr,
.TOC1cols4 table,
.TOC1cols4 tbody,
.TOC1cols4 tr { display:block; padding:0; }
.TOC2cols1 { width:60%; max-width:60%; }
.TOC2cols2 { column-count:2; width:70%; max-width:70%; }
.TOC2cols3 { column-count:3; width:80%; max-width:80%; }
.TOC2cols4 { column-count:4; width:90%; max-width:90%; }
.TOC2table { margin-left:2em; white-space:nowrap; break-inside:auto; }
.TOC2table tr { vertical-align:top; text-align:left; break-inside:avoid; break-after:auto; }
.TOC2table .numb { font-weight:bold; padding-right:0.5em; }
.TOC2table .text { width:100%; white-space:normal; }
/* see "recalcitrant" above */
.TOC2cols2 table,
.TOC2cols2 tbody,
.TOC2cols2 tr,
.TOC2cols3 table,
.TOC2cols3 tbody,
.TOC2cols3 tr,
.TOC2cols4 table,
.TOC2cols4 tbody,
.TOC2cols4 tr { display:block; padding:0; }
.NAVtable { margin:0.1em 0 0 2em; }
.NAVtable td { font-size:110%; font-weight:bold; padding:0; margin:0; }
.NAVtable a { padding:0 0.5em 0 0.5em; text-decoration:none; }
.IDXcols1 { width:80%; max-width:80%; }
.IDXcols2 { column-count:2; width:90%; max-width:90%; }
.IDXcols3 { column-count:3; width:95%; max-width:95%; }
.IDXcols4 { column-count:4; width:100%; max-width:100%; }
.IDXtable { margin:1em 0 1em 2em; white-space:nowrap; break-inside:auto; }
.IDXtable tr { vertical-align:top; text-align:left; break-inside:avoid; break-after:auto; }
.IDXtable .alpha { font-weight:bold; min-width:2em; }
.IDXtable .text { width:100%; white-space:normal; }
.IDXtable .para:before { content:'\00b6\00a0'; }
/* see "recalcitrant" above */
.IDXcols2 table,
.IDXcols2 tbody,
.IDXcols2 tr,
.IDXcols3 table,
.IDXcols3 tbody,
.IDXcols3 tr,
.IDXcols4 table,
.IDXcols4 tbody,
.IDXcols4 tr { display:block; padding:0; }
.insight { background-color:cyan; font-family:monospace;
padding:0 0.2em 0 0.2em; margin:0 0.2em 0 0.2em;
font-size:100%; font-style:normal; font-weight:normal;
text-decoration:none; }
.wasdoc { font-family: "Lucida Console", Monaco, monospace;
letter-spacing:-0.07em; }
@media screen { .blank::after { content:"\2924"; }
.print { display:none; }
}
@media print {
table { page-break-inside:avoid; }
.noprint { display:none; }
.page { border:none; page-break-after: always; }
.epage { display:none; }
.ppage { page-break-after:always; }
.NAVtable { display:none; }
.NAVprint { display:block!important; }
}
@page { margin:2cm 1cm 2cm 1cm; }
</style>
<!-- source:0000_config.wasdoc -->
<style type="text/css">._smiley::after { font-size:150%; vertical-align:middle; content:'\263a' }</style>
<style type="text/css">._frowny::after { font-size:150%; vertical-align:middle; content:'\2639' }</style>
<a id="0." href="#"></a>
<title>WASD Configuration – Service Configuration</title>
<a id="7." href="#"></a>
<a id="7.serviceconfiguration" href="#"></a>
<a id="serviceconfiguration" href="#"></a>
<h1 class="head chunk">WASD Configuration</h1>
<h1 class="head"><span class="numb">7.</span><span class="text">Service Configuration</span></h1>
<div class="TOC2cols2">
<table class="TOC2table">
<tr><td><a href="config007.html#7.1.specificservices"><span class="numb">7.1</span><span class="text">Specific Services</span></a>
<tr><td><a href="config007.html#7.2.genericservices"><span class="numb">7.2</span><span class="text">Generic Services</span></a>
<tr><td><a href="config007.html#7.3.sslservices"><span class="numb">7.3</span><span class="text">SSL Services</span></a>
<tr><td><a href="config007.html#7.4.administrationservices"><span class="numb">7.4</span><span class="text">Administration Services</span></a>
<tr><td><a href="config007.html#7.5.ipv4andipv6"><span class="numb">7.5</span><span class="text">IPv4 and IPv6</span></a>
<tr><td><a href="config007.html#7.6.towwwornottowww"><span class="numb">7.6</span><span class="text">To www. Or Not To www.</span></a>
<tr><td><a href="config007.html#7.7.servicedirectives"><span class="numb">7.7</span><span class="text">Service Directives</span></a>
<tr><td><a href="config007.html#7.8.directivedetail"><span class="numb">7.8</span><span class="text">Directive Detail</span></a>
<tr><td><a href="config007.html#7.9.administration"><span class="numb">7.9</span><span class="text">Administration</span></a>
<tr><td><a href="config007.html#7.10.serviceexamples"><span class="numb">7.10</span><span class="text">Service Examples</span></a>
</table>
</div>
<table class="NAVtable NAVprint"><tr>
<td><a href="javascript:window.history.back();">↩︎</a>
<td><a href="config006.html#6.">↖︎</a>
<td><a href="config000.html#0.">↑︎</a>
<td><a href="config008.html#8.">↘︎</a>
<td><a href="javascript:window.history.forward();">↪︎</a>
</table>
<p> By default, the logical name <span class="high bold">WASD_CONFIG_SERVICE</span> locates a common service
configuration file. The service configuration file is optional. If the
WASD_CONFIG_SERVICE logical is not defined or the file does not exist service
configuration is made using the WASD_CONFIG_GLOBAL [Service]
<span class="high bold"><span class="high italic">(deprecated)</span></span> directives. For simple sites, those containing one or two
services, the use of a separate service configuration file is probably not
warranted. Once the number begins to grow this file offers a specific
management interface for those services.
<p> Precedence of service specifications:
<ol class="list">
<li class="item"> /SERVICE= command line qualifier
<li class="item"> WASD_CONFIG_SERVICE configuration file (if logical defined and file
exists)
<li class="item"> WASD_CONFIG_GLOBAL [Service] directive <span class="high bold"><span class="high italic">(deprecated)</span></span>
</ol>
<p> WASD <span class="high italic">services</span> are also known as <span class="high italic">virtual servers</span> or <span class="high italic">virtual hosts</span>
and can provide multiple, autonomous sites from the one HTTP server. Services
can each have an independent IP address or multiple virtual sites share a
single or set of multiple IP addresses. Whichever the case, the host name
entered into the browser URL must able to be resolved to the IP address of an
interface configured on the HTTP server system. There is no design limit to
the number of services that WASD can support. It can listen on any number of
IP ports and for any number of virtual services for any given port.
<p> The server must be able to resolve its own host name/address. It is not
unknown for completely new systems to have TCP/IP configuration overlooked.
The server must also be able to resolve the IP addresses of any configured
virtual services (<a class="link" href="config002.html#2.3.virtualservices">2.3 Virtual Services</a>). Failure to do so will result in
the service not being configured. To avoid startup issues in the absence of a
usable DNS it is suggested that for fundamental, business-critical or otherwise
important services, static entries be provided in the system TCP/IP agent's
local database.
<p> Changes to the service configuration file can be validated at the
command-line before restart. This detects and reports any syntactical and
fatal configuration errors but of course cannot check the <span class="high italic">intent</span> of
the rules.
<div class="blockof code">$ HTTPD /DO=SERVICE=CHECK
</div>
<a id="7.1" href="#"></a>
<a id="7.1.specificservices" href="#"></a>
<a id="specificservices" href="#"></a>
<h2 class="head"><span class="numb">7.1</span><span class="text">Specific Services</span></h2>
<p> In common with other configuration files, directives associated with a
specific virtual services are introduced using a double-bracket delimited host
specification (<a class="link" href="config002.html#2.3.virtualservices">2.3 Virtual Services</a>). When configuring a service the
following three components specify the essential characteristics.
<ul class="list">
<li class="item"> <span class="high bold">scheme – </span> HTTP scheme (sometimes refered to as <span class="high italic">protocol</span>). If
<span class="high italic">http:</span> (or omitted) it is a standard HTTP service. If <span class="high italic">https:</span> an SSL
service is configured.
<li class="item"> <span class="high bold">host – </span> Host name or dotted-decimal address. If omitted, or
specified as an asterisk ("*"), defaults to the system's IP host name.
<li class="item"> <span class="high bold">port – </span> IP port the service is offered on. If omitted it defaults to
80 for an <span class="high italic">http:</span> service, and to 443 for an <span class="high italic">https:</span> (SSL) service.
</ul>
<p> These WASD_CONFIG_SERVICE examples illustrate the directive.
<div class="blockof code">[[http://alpha.example.com:80]]
[[http://alpha.example.com:8080]]
</div>
<a id="7.2" href="#"></a>
<a id="7.2.genericservices" href="#"></a>
<a id="genericservices" href="#"></a>
<h2 class="head"><span class="numb">7.2</span><span class="text">Generic Services</span></h2>
<p> A <span class="high italic">generic</span> service is one that specifies a scheme and/or port but no
specific host name. This is useful in a cluster where multiple systems all
provide a basic service (e.g. a port 80 service). If the host name is omitted
or specified as an asterisk the service substitutes the system's IP host name.
<div class="blockof code">[[http://*:80]]
[[http://*:8080]]
</div>
<a id="7.3" href="#"></a>
<a id="7.3.sslservices" href="#"></a>
<a id="sslservices" href="#"></a>
<h2 class="head"><span class="numb">7.3</span><span class="text">SSL Services</span></h2>
<p> See
<a class="link blank" target="_blank" href="../features/#transportlayersecurity">Transport Layer Security</a> of
<a class="link blank" target="_blank" href="../features/#0.">WASD Features and Facilities</a>.
<p> Multiple virtual SSL services (https:) sharing the same certificate can
essentially be configured against any host name (unique IP address or alias)
and/or port in the same way as standard services (http:). Services requiring
unique certificates can only be configured for the same port number against
individual and unique IP addresses (i.e. not against aliases). This is not a
WASD restriction, it applies to all servers for significant SSL technical
reasons.
<p> For example, unique certificates for https://www.company1.com:443/ and
https://www.company2.com:443/ can be configured only if COMPANY1 and COMPANY2
have unique IP addresses. If COMPANY2 is an alias for COMPANY1 they must share
the same certificate. During startup service configuration the server checks
for such conditions and issues a warning about "sharing" the service
with the first configured.
<div class="blockof code">[[https://alpha.example.com]]
[[https://*:443]]
</div>
<a id="7.4" href="#"></a>
<a id="7.4.administrationservices" href="#"></a>
<a id="administrationservices" href="#"></a>
<h2 class="head"><span class="numb">7.4</span><span class="text">Administration Services</span></h2>
<p> When multiple instances are configured Server Administration page access, in
common with all request processing, is automatically shared between those
instances. There are occasions when consistent access to a single instance is
desirable. The [ServiceAdmin] directive indicates that the service port number
should be used as a <span class="high under">base</span> port and all instances create their own service
with unique port for access to that instance alone. The first instance to
create an <span class="high italic">administration service</span> uses the specified port, or the next
successive if it's already in use, the next instance will use the next
available port number, and so on. A high port number should be specified. The
Server Administration page lists these services for all server instances in the
cluster. This port configuration is not intended for general request
activity, although with appropriate mapping and other configuration there is
nothing specifically precluding the use (remembering that the actual port in
use by any particular instance may vary across restarts). In all other
respects the services can (and should) be mapped, authorized and otherwise
configured as any other.
<div class="blockof code">[[https://alpha.example.com]]
[ServiceAdmin] enabled
</div>
<a id="7.5" href="#"></a>
<a id="7.5.ipv4andipv6" href="#"></a>
<a id="ipv4andipv6" href="#"></a>
<h2 class="head"><span class="numb">7.5</span><span class="text">IPv4 and IPv6</span></h2>
<p> Both IP version 4 and 6 are concurrently supported by WASD. All networking
functionality, service creation, SSL, proxy HTTP, proxy FTP and RFC1413
authorization is IPv6 enabled. If system TCP/IP services do not support IPv6
the expected error would be
<div class="blockof code">%SYSTEM-F-PROTOCOL, network protocol error
</div>
during any attempted IPv6 service creation. Of course IPv4 service creation
would continue as usual.
<p> Server configuration handles the standard dotted-decimal addresses of IPv4,
as well as "normal" and "compressed" forms of standard IPv6 literal addresses,
and a (somewhat) standard variation of these that substitutes hyphens for the
colons in these addresses to allow the colon-delimited port component of a
"URL" to be resolved. Alteratively, use the de facto standard method of
enclosing the IPv6 address within square brackets, followed by any port
component.
<a id="7.5.0.0.1" href="#"></a>
<a id="7.5.ipv6literaladdresses" href="#"></a>
<a id="ipv6literaladdresses" href="#"></a>
<h5 class="head"><span class="text">IPv6 Literal Addresses</span></h5>
<table class="tabl">
<tr class="tabr under">
<th class="tabh">Normal
<th class="tabh">Compressed
<tr class="tabr">
<tr class="tabr">
<td class="tabd">1070:0:0:0:0:800:200C:417B
<td class="tabd">1070::800:200C:417B
<tr class="tabr">
<td class="tabd">0:0:0:0:0:0:13.1.68.3
<td class="tabd">::13.1.68.3
<tr class="tabr">
<td class="tabd">0:0:0:0:0:FFFF:129.144.52.38
<td class="tabd">::FFFF:129.144.52.38
<tr class="tabr under">
<th class="tabh">hyphen-variants
<th class="tabh">
<tr class="tabr">
<tr class="tabr">
<td class="tabd">1070-0-0-0-0-800-200C-417B
<td class="tabd">1070--800-200C-417B
<tr class="tabr">
<td class="tabd">0-0-0-0-0-0-13.1.68.3
<td class="tabd">--13.1.68.3
<tr class="tabr">
<td class="tabd">0-0-0-0-0-FFFF-129.144.52.38
<td class="tabd">--FFFF-129.144.52.38
</table>
<p> In common with all virtual services, if a connection can be established with
the system and service port the server can respond to that request. The first
example binds a service to accept IPv4 connections for any address, while the
second the same for IPv6 (and for IPv4 if the interface has IPv4
configuration).
<div class="blockof code">[[https://alpha.example.com:80]]
[ServiceBind] 0.0.0.0
[[https://alpha6.example.com:80]]
[ServiceBind] ::0
</div>
<p> If a service needs to be bound to a specific IP address then that can be
specified using the [ServiceBind] directive using any of the literal address
formats described above.
<div class="blockof code">[[http://alpha.example.com:80]]
[ServiceBind] 168.192.0.3
[[https://alpha6.example.com:80]]
[ServiceBind] fe80::200:f8ff:fe24:1a22
[[https://[fe80::200:f8ff:fe24:1a22]:80]]
</div>
<a id="7.5.0.0.2" href="#"></a>
<a id="7.5.ipv6nameresolution" href="#"></a>
<a id="ipv6nameresolution" href="#"></a>
<h5 class="head"><span class="text">IPv6 Name Resolution</span></h5>
<p> TCP/IP Services for OpenVMS <span class="high italic">does not</span> provide an asynchronous name
resolution ACP call for IPv6 as it does for IPv4. This means that dynamic name
resolution in IPv6 environments is (currently) an issue. See the server code
module [SRC.HTTPD]TCPIP6.C for further detail and workarounds. Let's hope this
significant deficiency in VMS' IPv6 support is addressed sooner than later!
<a id="7.6" href="#"></a>
<a id="7.6.towwwornottowww" href="#"></a>
<a id="towwwornottowww" href="#"></a>
<h2 class="head"><span class="numb">7.6</span><span class="text">To www. Or Not To www.</span></h2>
<p> In the twenty-first century the <span class="high italic">www.</span> prefix to Web services is largely
redundant. Generally <span class="high italic">www.host.name</span> and <span class="high italic">host.name</span> are treated as
synonymous. WASD conditionals often need to distinguish precisely on the
service name and in some cases this can mean a service for the <span class="high italic">www.host.name</span>
and the <span class="high italic">host.name</span>.
<p> The WASD global configuration directive
<div class="blockof code"># WASD_CONFIG_GLOBAL
[WWWimplied] enabled
</div>
(by default, and for backward-compatibility reasons, disabled) results in the
server matching a request specifying a leading <span class="high italic">www.</span> matching a virtual
service identical <span class="high under">except</span> for the <span class="high italic">www.</span>. So for the configured service.
<div class="blockof code">[[http://the.host.name]]
</div>
a request to http://the.host.name/ (request header "Host: the.host.name") or to
http://www.the.host.name/ (request header "Host: www.the.host.name") will be
matched to it and allow conditionals, etc., to match to the one
"the.host.name".
<a id="7.7" href="#"></a>
<a id="7.7.servicedirectives" href="#"></a>
<a id="servicedirectives" href="#"></a>
<h2 class="head"><span class="numb">7.7</span><span class="text">Service Directives</span></h2>
<p> Where a service directive has an equivalent configuration directive (e.g.
error report path) the service directive takes precedence. This allows
specific virtual services to selectively override the generic configuration.
<table class="tabl" style="margin-top:-1em;">
<tr class="tabr">
<td class="tabd"><a id="7.7.0.0.1" href="#"></a>
<a id="7.7.servicedirectives" href="#"></a>
<a id="servicedirectives" href="#"></a>
<h5 class="head under"><span class="text">Service Directives</span></h5>
<tr class="tabr backlight">
<td class="tabd">[[virtual-service]]
<td class="tabd">scheme://host:port
<tr class="tabr">
<td class="tabd">[ServiceAdmin]
<td class="tabd">an <span class="high italic">instance</span> Server Administration page service
<tr class="tabr backlight">
<td class="tabd">[ServiceBind]
<td class="tabd">if different to host's
<tr class="tabr">
<td class="tabd">[ServiceBodyTag]
<td class="tabd"><BODY> tag for server reports., etc
<tr class="tabr backlight">
<td class="tabd">[ServiceClientSSLcert]
<td class="tabd">proxy SSL connect client certificate file
<tr class="tabr">
<td class="tabd">[ServiceClientSSLkey]
<td class="tabd">proxy SSL connect client private key file
<tr class="tabr backlight">
<td class="tabd">[ServiceClientSSLcipherList]
<td class="tabd">proxy SSL connect ciphers
<tr class="tabr">
<td class="tabd">[ServiceClientSSLverifyCA]
<td class="tabd">verify CA of proxied requests
<tr class="tabr backlight">
<td class="tabd">[ServiceClientSSLverifyCAfile]
<td class="tabd">location of proxy CA file
<tr class="tabr">
<td class="tabd">[ServiceClientSSLversion]
<td class="tabd">proxy SSL version to use
<tr class="tabr backlight">
<td class="tabd">[ServiceConnect]
<td class="tabd">respond to a connection on a port
<tr class="tabr">
<td class="tabd">[ServiceErrorReportPath]
<td class="tabd">path to script, SSI or "flat" error document
<tr class="tabr backlight">
<td class="tabd">[ServiceHttp2Protocol]
<td class="tabd">per-service HTTP/2 disabled
<tr class="tabr">
<td class="tabd">[ServiceLogFormat]
<td class="tabd">per-service access log format
<tr class="tabr backlight">
<td class="tabd">[ServiceNoLog]
<td class="tabd">suppress logging
<tr class="tabr">
<td class="tabd">[ServiceNonSSLRedirect]
<td class="tabd">redirect non-SSL on SSL service
<tr class="tabr backlight">
<td class="tabd">[ServiceProxy]
<td class="tabd">proxy service
<tr class="tabr">
<td class="tabd">[ServiceProxyAffinity]
<td class="tabd">make origin server "sticky"
<tr class="tabr backlight">
<td class="tabd">[ServiceProxyAuth]
<td class="tabd">require proxy authorization
<tr class="tabr">
<td class="tabd">[ServiceProxyCache]
<td class="tabd">proxy caching
<tr class="tabr backlight">
<td class="tabd">[ServiceProxyChain]
<td class="tabd">chained proxy service host
<tr class="tabr">
<td class="tabd">[ServiceProxyChainCred]
<td class="tabd">up-stream proxy service access credentials
<tr class="tabr backlight">
<td class="tabd">[ServiceProxySSL]
<td class="tabd">provide proxy of SSL (connect:)
<tr class="tabr">
<td class="tabd">[ServiceProxyTunnel]
<td class="tabd">enable tunneling of octets
<tr class="tabr backlight">
<td class="tabd">[ServiceRawSocket]
<td class="tabd">enable "RawSocket" scripting
<tr class="tabr">
<td class="tabd">[ServiceShareSSH]
<td class="tabd">share service with SSH
<tr class="tabr backlight">
<td class="tabd">[ServiceSSLcert]
<td class="tabd">SSL service certificate
<tr class="tabr">
<td class="tabd">[ServiceSSLcipherList]
<td class="tabd">list of accepted SSL ciphers
<tr class="tabr backlight">
<td class="tabd">[ServiceSSLkey]
<td class="tabd">SSL service private key
<tr class="tabr">
<td class="tabd">[ServiceSSLoptions]
<td class="tabd">SSL options
<tr class="tabr backlight">
<td class="tabd">[ServiceSSLsessionLifetime]
<td class="tabd">SSL session lifetime
<tr class="tabr">
<td class="tabd">[ServiceSSLstrictTransSec]
<td class="tabd">HSTS maxiumum age in seconds
<tr class="tabr backlight">
<td class="tabd">[ServiceSSLverifyPeer]
<td class="tabd">access only using verified peer certificate
<tr class="tabr">
<td class="tabd">[ServiceSSLverifyPeerCAfile]
<td class="tabd">location of CA file
<tr class="tabr backlight">
<td class="tabd">[SSLverifyPeerDataMax]
<td class="tabd">maximum kBytes of request data buffered during renegotiation
<tr class="tabr">
<td class="tabd">[ServiceSSLverifyPeerDepth]
<td class="tabd">depth of certificate chain
<tr class="tabr backlight">
<td class="tabd">[ServiceSSLversion]
<td class="tabd">SSL version to use
</table>
<p> Configuration keywords equivalent to many of these WASD_CONFIG_SERVICE
directives but usable against the deprecated WASD_CONFIG_GLOBAL [Service]
directive and the /SERVICE qualifier are available for backward compatibility.
See section <span class="high italic">Command Line Parameters</span> in source file [SRC.HTTPD]SERVICE.C for
a list of these keywords.
<a id="7.8" href="#"></a>
<a id="7.8.directivedetail" href="#"></a>
<a id="directivedetail" href="#"></a>
<h2 class="head"><span class="numb">7.8</span><span class="text">Directive Detail</span></h2>
<p> Some of these directives control the behaviour of proxy services. Other
directive are Secure Sockets Layer (SSL) specific.
<ol class="list">
<li class="item"> <span class="high bold">[[virtual-service]]</span>
<span class="high italic">(default: <span class="high italic">none</span>)</span>
<p> Specifies the scheme, host name (or asterisk) and port of a service.
<li class="item"> <span class="high bold">[ServiceAdmin] <span class="high monosp">ENABLED|DISABLED</span></span>
<span class="high italic">(default: DISABLED)</span>
<p> Marks the port as <span class="high italic">administration</span> service
(<a class="link" href="config007.html#7.4.administrationservices">7.4 Administration Services</a>).
<li class="item"> <span class="high bold">[ServiceBind] <span class="high italic">literal address</span></span>
<span class="high italic">(default: <span class="high italic">none</span>)</span>
<p> If the system has a multi-homed network interface this binds the service to
the specific IP address and not to INADDR_ANY. Generally this will not be
necessary. The literal address may be in IPv4 dotted-decimal or IPv6
normal or compressed hexdecimal.
<li class="item"> <span class="high bold">[ServiceBodyTag] <span class="high italic">string</span></span>
<span class="high italic">(default: <BODY>)</span>
<p> Specifies the HTML <BODY> tag for server error and other report pages. This
allows some measure of site "look-and-feel" in page colour, background, etc. to
be maintained.
<li class="item"> <span class="high bold">[ServiceClientSSL] <span class="high monosp">ENABLED|DISABLED</span></span>
<span class="high italic">(default: DISABLED)</span>
<p> Enables a proxy service to <span class="high italic">originate</span> HTTP-over-SSL requests. This is
different to the CONNECT service enabled using [ServiceProxySSL]. It allows
requests to be gatewayed between standard HTTP and Secure Sockets Layer.
<div class="note center">
<a id="7.8.0.0.1" href="#"></a>
<a id="7.8.tlssslconfiguration" href="#"></a>
<a id="tlssslconfiguration" href="#"></a>
<h5 class="head center"><span class="text">TLS/SSL Configuration</span></h5>
<hr class="note_hr">
See
<a class="link blank" target="_blank" href="../features/#transportlayersecurity">Transport Layer Security</a> of
<a class="link blank" target="_blank" href="../features/#0.">WASD Features and Facilities</a>.
<hr class="note_hr">
</div>
<li class="item"> <span class="high bold">[ServiceClientSSLcert] <span class="high italic">string</span></span>
<span class="high italic">(default: none)</span>
<p> Location of client certificate file if required to authenticate client
connection.
<li class="item"> <span class="high bold">[ServiceClientSSLcipherList] <span class="high italic">string</span></span>
<span class="high italic">(default: none)</span>
<li class="item"> <span class="high bold">[ServiceClientSSLkey] <span class="high italic">string</span></span>
<span class="high italic">(default: none)</span>
<p> Location of client private key file if required to authenticate client
connection.
<p> A comma-separated list of SSL ciphers to be used by the gateway to connect
to SSL services. The use of this parameter might allow the selection of
stronger ciphers to be forced to be used or the connection not allowed to
procede.
<div class="note"><a id="7.8.0.0.1.1" href="#"></a>
<a id="7.8.note" href="#"></a>
<a id="note" href="#"></a>
<h5 class="head center"><span class="text">Note</span></h5>
<hr class="note_hr">
These <span class="high italic">ServiceClientSSL..</span> directives are used to control behaviour when
outgoing SSL connections are established (as with HTTP-to-SSL gatewaying).
This should not be confused with verification of client certificates, which is
better refered to as peer verification. See [ServiceSSLverifyPeer] and
[ServiceSSLverifyPeerCAfile] directives.
<hr class="note_hr">
</div>
<li class="item"> <span class="high bold">[ServiceClientSSLverifyCA] <span class="high monosp">ENABLED|DISABLED</span></span>
<span class="high italic">(default: DISABLED)</span>
<p> Unless this directive is enabled the Certificate Authority (CA) used to
issue the service's certificate is not verified. Requires that a CA file be
provided. See note in [ServiceClientSSLcipherList] above.
<li class="item"> <span class="high bold">[ServiceClientSSLCaFile] <span class="high italic">string</span></span>
<span class="high italic">(default: none)</span>
<p> Specifies the location of the collection of Certificate Authority (CA)
certificates used to verify the connected-to server's certificate (VMS file
specification). See note in [ServiceClientSSLcipherList] above.
<li class="item"> <span class="high bold">[ServiceClientSSLversion] <span class="high italic">string</span></span>
<span class="high italic">(default: SSLV2/V3)</span>
<p> The abbreviation for the SSL protocol version to be used to connect to the
SSL service. See note in [ServiceClientSSLcipherList] above.
<li class="item"> <span class="high bold">[ServiceConnect] <span class="high italic">string</span></span>
<span class="high italic">(default: none)</span>
<p> Request-on-connects do not wait for client data but immediately generate a
pseudo request for that service which can be detected and mapped for processing
by the server.
<p> See <a class="link" href="config007.html#7.10.serviceexamples">7.10 Service Examples</a>.
<li class="item"> <span class="high bold">[ServiceErrorReportPath] <span class="high italic">string</span></span>
<span class="high italic">(default: none)</span>
<p> Specifies the <span class="high bold">URL-format path</span> to an optional, error reporting SSI
document or script (<a class="link" href="config002.html#2.10.errorreporting">2.10 Error Reporting</a>). This path can subsequently be
remapped during request processing.
<li class="item"> <span class="high bold">[ServiceHttp2Protocol]
<span class="high monosp">ENABLED|DISABLED</span></span>
<span class="high italic">(default: ENABLED)</span>
<p> When HTTP/2 is enabled globally this allows an HTTP/1.<span class="high italic">n</span>-only
service to be defined.
<p> See
<a class="link blank" target="_blank" href="../features/#http2">HTTP/2</a> of
<a class="link blank" target="_blank" href="../features/#0.">WASD Features and Facilities</a>.
<li class="item"> <span class="high bold">[ServiceLogFormat] <span class="high italic">string</span></span>
<span class="high italic">(default: none)</span>
<p> Per-service access log format. See .
<li class="item"> <span class="high bold">[ServiceNoLog] <span class="high monosp">ENABLED|DISABLED</span></span>
<span class="high italic">(default: DISABLED)</span>
<p> When request logging is enabled then by default all services are logged.
This directive allows logging to be suppressed for this service.
<li class="item"> <span class="high bold">[ServiceNonSSLRedirect] <span class="high monosp">code][host-name|IP-address][:port]</span></span>
<span class="high italic">(default: none)</span>
<p> The default behaviour when a non-SSL HTTP request is begun on an SSL service
is to return a 400 error and short message. This directive instead redirects
the client to the specified non-SSL service. The parameter can be an optional
scheme (i.e. http:// or https://), optional full host name or IP address with
optional port, or only a colon-delimited port number which will redirect using
the current service name. A single colon is the minimum parameter and
redirects to port 80 on the current service name. The default redirect code is
307 but this can be changed by providing a leading 301 or 302.
<li class="item"> <span class="high bold">[ServiceProxy] <span class="high monosp">ENABLED|DISABLED</span></span>
<span class="high italic">(default: DISABLED)</span>
<p> Enables and disables proxy request processing for this service.
<li class="item"> <span class="high bold">[ServiceProxyAffinity] <span class="high monosp">ENABLED|DISABLED</span></span>
<span class="high italic">(default: DISABLED)</span>
<p> Uses cookies to allow the proxy server to make every effort to relay
successive requests from a given client to the same origin host. This is also
known as client to origin affinity or proxy affinity capability.
<li class="item"> <span class="high bold">[ServiceProxyAuth] <span class="high monosp"><span class="high italic">none</span>
CHAIN|LOCAL|NONE|PROXY</span></span>
<span class="high italic">(default: none)</span>
<p> Makes a proxy service require authorization before a client is allowed
access via it.
<span class="high monosp">CHAIN</span> allows an up-stream proxy server to request
authorization.
<span class="high monosp">LOCAL</span> enables standard server authorization.
<span class="high monosp">NONE</span> disables authorization (default).
<span class="high monosp">PROXY</span> enables HTTP proxy authorization.
authentication.
<li class="item"> <span class="high bold">[ServiceProxyCache] <span class="high monosp">ENABLED|DISABLED</span></span>
<span class="high italic">(default: DISABLED)</span>
<p> Enables and disables proxy caching for a proxy service.
<li class="item"> <span class="high bold">[ServiceProxyChain] <span class="high italic">string</span></span>
<span class="high italic">(default: none)</span>
<p> Specifies the next proxy host if chained.
<li class="item"> <span class="high bold">[ServiceProxyChainCred] <span class="high italic">string</span></span>
<span class="high italic">(default: none)</span>
<p> Credentials for the up-stream proxy server (BASIC authentication only); in
the format <span class="high italic">username:password</span>.
<li class="item"> <span class="high bold">[ServiceProxyTunnel] <span class="high monosp">CONNECT|FIREWALL|RAW</span></span>
<span class="high italic">(default: none)</span>
<p> Transfers octets through the proxy server.
<span class="high monosp">FIREWALL</span> accepts a host and port specification before connecting.
<span class="high monosp">CONNECT</span> is the traditional CONNECT protocol.
<span class="high monosp">RAW</span> connects to a configured host an port.
<li class="item"> <span class="high bold">[ServiceProxySSL] <span class="high monosp">ENABLED|DISABLED</span></span>
<span class="high italic">(default: DISABLED)</span>
<p> Specifies the service as providing proxying of SSL requests. This is
sometimes refered as a "CONNECT" service. This proxies "https:" requests
directly and is different to the HTTP-to-SSL proxying enabled using
[ServiceProxyHttpSSL].
<li class="item"> <span class="high bold">[ServiceRawSocket] <span class="high monosp">ENABLED|DISABLED</span></span>
<span class="high italic">(default: DISABLED)</span>
<p> Enable "RawSocket" processing on the service. See the chapter on
WebSocket scripting in
<a class="link blank" target="_blank" href="../scripting/#websocket">WebSocket</a> in
<a class="link blank" target="_blank" href="../scripting/#0.">WASD Web Services - Scripting</a>
<li class="item"> <span class="high bold">[ServiceShareSSH] <span class="high italic">integer</span></span>
<span class="high italic">(default: 0 (disabled))</span>
<p> Non-zero enables service sharing with an SSH server and sets the number of
seconds for input timeout.
<p> See
<a class="link blank" target="_blank" href="../features/#sharedsshtunnel">Shared SSH Tunnel</a> of
<a class="link blank" target="_blank" href="../features/#0.">WASD Features and Facilities</a>.
<li class="item"> <span class="high bold">[ServiceSSLcert] <span class="high italic">string</span></span>
<span class="high italic">(default: none)</span>
<p> Specifies the location of the SSL certificates (VMS file specification).
<div class="note center">
<a id="7.8.0.0.2" href="#"></a>
<a id="7.8.tlssslconfiguration" href="#"></a>
<a id="tlssslconfiguration" href="#"></a>
<h5 class="head center"><span class="text">TLS/SSL Configuration</span></h5>
<hr class="note_hr">
See
<a class="link blank" target="_blank" href="../features/#transportlayersecurity">Transport Layer Security</a> of
<a class="link blank" target="_blank" href="../features/#0.">WASD Features and Facilities</a>.
<hr class="note_hr">
</div>
<li class="item"> <span class="high bold">[ServiceSSLcipherList] <span class="high italic">string</span></span>
<span class="high italic">(default: none)</span>
<p> A colon-separated list (OpenSSL syntax) of TLS/SSL ciphers allowed to be
used by clients to connect to SSL services. The use of this parameter might
allow the selection of stronger ciphers to be forced to be used or the
connection not allowed to procede.
<li class="item"> <span class="high bold">[ServiceSSLkey] <span class="high italic">string</span></span>
<span class="high italic">(default: none)</span>
<p> Specifies the location of the SSL private key (VMS file specification).
<li class="item"> <span class="high bold">[ServiceSSLsessionLifetime] <span class="high italic">hh:mm:ss</span></span>
<span class="high italic">(no default)</span>
<p> The default maximum period for session reuse is five minutes. This is the
per-service equivalent of the global directive [SSLsessionLifetime].
<li class="item"> <span class="high bold">[ServiceSSLstrictTransSec] <span class="high italic">hh:mm:ss</span></span>
<span class="high italic">(no default)</span>
<p> When non-zero represents the number of seconds, or maximum age, of a HSTS
"Strict-Transport-Security:" response header field.
See
<a class="link blank" target="_blank" href="../features/#transportlayersecurity">Transport Layer Security</a> of
<a class="link blank" target="_blank" href="../features/#0.">WASD Features and Facilities</a>.
There is an equivalent global directive.
<li class="item"> <span class="high bold">[ServiceSSLverifyPeer] <span class="high monosp">ENABLED|DISABLED</span></span>
<span class="high italic">(default: DISABLED)</span>
<p> To access this service a client must provide a verified CA client
certificate.
<li class="item"> <span class="high bold">[ServiceSSLverifyPeerCAfile] <span class="high italic">string</span></span>
<span class="high italic">(default: none)</span>
<p> Specifies the location of the collection of Certificate Authority (CA)
certificates used to verify a peer certificate (VMS file specification).
<li class="item"> <span class="high bold">[ServiceSSLverifyPeerDataMax] <span class="high italic">integer</span></span>
<span class="high italic">(default: 1024)</span>
<p> When a client certificate is requested for authentication via TLS/SSL
renegotiation this is the maximum kilobytes POST/PROPFIND/PUT data buffered
during the renegotiation. There is an equivalent global directive.
<li class="item"> <span class="high bold">[SSLverifyPeerDepth] <span class="high italic">integer</span></span>
<span class="high italic">(default: 0)</span>
<p> Level through a certificate chain a client is verified to.
<li class="item"> <span class="high bold">[ServiceSSLversion] <span class="high italic">string</span></span>
<span class="high italic">(default: TLS family of protocols)</span>
<p> The abbreviation for the TLS/SSL protocol version allowed to be used to
connect to an SSL service. Using the directive a service may select prefered
protocols.
</ol>
<a id="7.9" href="#"></a>
<a id="7.9.administration" href="#"></a>
<a id="administration" href="#"></a>
<h2 class="head"><span class="numb">7.9</span><span class="text">Administration</span></h2>
<p> A service configuration file can be maintained using a simple text editor
and WASD_CONFIG_SERVICE.
<p> Alternatively the Server Administration facility may be used When using this
interface for the first time ensure the WASD_CONFIG_SERVICE logical is
correctly defined. If the file did not exist at server startup any services
will have been created from the WASD_CONFIG_GLOBAL [Service] directive. These
will be displayed as the existing services and will be saved to the
configuration file the first time it is saved. Changes to the service
configuration file require a server restart to put them into effect.
<p> The [IncludeFile] is a directive common to all WASD configuration, allowing
a separate file to be included as a part of the current configuration
(<a class="link" href="config002.html#2.1.includefiledirective">2.1 Include File Directive</a>).
<p> Not all configuration directives may be shown depending on the type of
service. For instance, unless a service is configured to provide proxy, only
the [ServiceProxy] directive is displayed. To fully configure such a service
enable it as proxy, save the file, then reload it. The additional directives
will now be available.
<p> There is always one empty service displayed each time the configuration
menu is generated. This information may be changed appropriately and then
saved to add new services to the configuration (of course, these will not be
available until the server is restarted). To configure multiple new services
add one at a time, saving each and reloading the file to provide a new blank
service.
<a id="7.10" href="#"></a>
<a id="7.10.serviceexamples" href="#"></a>
<a id="serviceexamples" href="#"></a>
<h2 class="head"><span class="numb">7.10</span><span class="text">Service Examples</span></h2>
<ol class="list">
<li class="item"> The following example shows three services being configured. The first
is standard HTTP on the default (and well-known) port 80. The second is a
proxy service on port 8080. This service provides both standard HTTP (with
response caching enabled), SSL (connect:) access and proxy authorization
required. The third service is SSL, with a host-specific certificate and key.
<div class="blockof code">[[http://alpha.example.com:80]]
[[http://alpha.example.com:8080]]
[ServiceProxy] enabled
[ServiceProxyAuth] PROXY
[ServiceProxyCache] enabled
[ServiceProxySSL] enabled
[[https://alpha.example.com:443]]
[ServiceSSLcert] WASD_ROOT:[local]alpha.pem
</div>
<li class="item"> This example shows a generic service service being configured on the
well-known port 80.
<div class="blockof code">[[http://*:80]]
</div>
If a cluster of four systems, ALPHA, BETA, GAMMA and DELTA all use this
configuration each will have a service accessible via the following four URLs.
<div class="blockof code">http://alpha.example.com/
http://beta.example.com/
http://gamma.example.com/
http://delta.example.com/
</div>
<li class="item"> The following example show two services configured against specific IP
addresses. The first is an IPv4 and the second a compressed IPv6.
<div class="blockof code">[[http://alpha.example.com:80]]
[ServiceBind] 168.192.0.3
[[https://alpha6.example.com:80]]
[ServiceBind] fe80::200:f8ff:fe24:1a22
</div>
<li class="item"> An <span class="high italic">administration port</span> is a special configuration used to support the
Server Administration facility when multiple per-node instances are configured
See description above.
<div class="blockof code">[[https://alpha.example.com:44443]]
[ServiceAdmin] enabled
[ServiceSSLcert] WASD_ROOT:[local]alpha.pem
[ServiceSSLkey] WASD_ROOT:[local]alpha.pem
</div>
<li class="item">
<p> A classic [ServiceConnect] use case is to generate a response when a port is
connected to. In this example, a disabled telnet service.
<div class="blockof code"># WASD_CONFIG_SERVICE
[[http://*:23]]
[ServiceConnect] enabled
</div>
<div class="blockof code"># WASD_CONFIG_MAP
# TELNET port advisory
[[*:23]]
pass * /web/online/port23.txt response=var=crlf
</div>
<div class="blockof code">$ TYPE WEB:[ONLINE]PORT23.TXT
************************************************
TELNET terminal access to the.host.name is unavailable!
Please use the instructions available at...
https://the.host.name/online/ssh
************************************************
</div>
<p> While the above example shows a simple <span class="high italic">pass</span> to a static file, the mapping
could just as simply been mapped to a script to provide a more dynamic
response.
<div class="blockof code"># WASD_CONFIG_MAP
# TELNET port advisory
[[*:23]]
map * /cgi-bin/port23
…
exec /cgi-bin/* /cgi-bin/*
</div>
</ol>
<!-- source:1000_MESSAGE.WASDOC -->
<table class="NAVtable NAVprint"><tr>
<td><a href="javascript:window.history.back();">↩︎</a>
<td><a href="config006.html#6.">↖︎</a>
<td><a href="config000.html#0.">↑︎</a>
<td><a href="config008.html#8.">↘︎</a>
<td><a href="javascript:window.history.forward();">↪︎</a>
</table>